Portable computing devices, such as mobile phones, portable and tablet computers, entertainment devices, handheld navigation devices, and the like are commonly implemented with a touch-screen display designed for user touch-input of text characters and passwords, such as in text entry boxes in a user interface form, page, or document. Text editing controls allow a user to input text characters into a text box, such as on a touch-screen, or with a keyboard, mouse, or similar input device.
A device user may enter a password into a text box, such as in a user interface page, and the password characters are obfuscated so as not to reveal the password as the user enters it. If the user suspects a mistake while entering the password characters, the user cannot see which characters of the password may have been entered incorrectly. The entry of an incorrect password can lead to several undesired results. For example, an authentication service can take a considerable amount of time to verify an incorrect password. Further, an authentication service may only allow a user a limited number of attempts to enter a correct password before the system locks the user out. Additionally, when an incorrect password is entered, the system typically clears all of the password text, which forces a user to re-enter the entire password again.
Techniques that attempt to address these undesired results from the entry of an incorrect password have inherent limitations and security disadvantages. For example, some computing systems limit passwords to simple characters, such as only a personal identification number (PIN) of numbers. This fundamentally restricts the inherent strength of alphanumeric passwords and is generally only suitable for low-security implementations. Other computing systems display a user interface or pop-up that allows the user to see the password characters as the user enters the password, which can compromise the intended security if others can see the password as it is being entered, particularly in public settings.